NSA Warns of Ongoing Russian Hacking Campaign Against US Systems (reuters.com)
The U.S. National Security Agency on Thursday warned government partners and private companies about a Russian hacking operation that uses a special intrusion technique to target operating systems often used by industrial firms to manage computer infrastructure. Reuters reports: "This is a vulnerability that is being actively exploited, that's why we're bringing this notification out," said Doug Cress, chief of the cybersecurity collaboration center and directorate at NSA. "We really want... the broader cybersecurity community to take this seriously." Cress declined to discuss which business sectors had been most affected, how many organizations were compromised using the Russian technique, or whether the cyber espionage operation targeted a specific geographic region.
The NSA said the hacking activity was tied directly to a specific unit within Russia's Main Intelligence Directorate, also known as the GRU, named the Main Center for Special Technologies. The cybersecurity research community refers to this same hacking group as "Sandworm," and has previously connected it to disruptive cyberattacks against Ukrainian electric production facilities. A security alert published by the NSA on Thursday explains how hackers with GRU, Russia's military intelligence, are leveraging a software vulnerability in Exim, a mail transfer agent common on Unix-based operating systems, such as Linux. The vulnerability was patched last year, but some users have not updated their systems to close the security gap.
Re: NSA is trying to incite more anti Russian fear (Score:3)
Except they are pretty clear that the announcement is for the cybersecurity industry. Sounds like they are being realistic that this won't be taken seriously by the politicians and so they are appealing to the cybersecurity professionals who work with the affected systems so they can be on the lookout.
I don't see anything unreasonable or nefarious about that, and I don't have a lot of love for the NSA.
Re: (Score:2)
I've been in quarantine, so am not aware that the NSA wishes to work with Russia House.
Re: (Score:2)
If they were really concerned they would be pushing an international cyber security treaty to allow overseas hacking to be investigated and prosecuted and of course US spy agencies absolutely do not want that because they are the criminally corrupt morons doing most of the hacking.
The corporate contractors just PRing for more millions, tens of millions, hundreds of millions, Billions upon Billions, their greed knows no bounds.
Defective Software Products (Score:2)
Re: (Score:3)
Except they are pretty clear that the announcement is for the cybersecurity industry.
The announcement relates to a 2019 Exim vulnerability.
Anybody who has not fixed a year old vulnerability in an MTA which has been fixed on the day by every single distro shipping it, does not belong anywhere NEAR the security industry.
So the GP is actually correct, this is the usual "Red under your bed" promotion of the "Forever War" narrative. It has totally f*ck all to do with security.
Huh. (Score:2)
Re: (Score:3)
Maybe they're white hat hackers. Breaking into your system to apply patches. :)
Re: (Score:2)
Nah, hackers from all over the world, hosting their hacking servers in Russia and never ever attacking Russian assets because you know. No treaty, no agreements, no attempt to go through proper channels and surprise, surprise, surprise, nothing happens just more political theatre.
At least they're consistent. (Score:2)
Re: (Score:3)
No, he isn't. He's writing the specifications for them and him winning is part of the expected functionality. No "hacking" involved, it is all by design.
Re: (Score:2)
Mod informative.
Re: (Score:2)
Huh? Why would he? There's no need to hack a system you are already root on.
Re: (Score:2)
Huh? Why would he? There's no need to hack a system you are already root on.
Ah, but once he had to revert back to luser. So he hacked sudo, which allowed him to instantiate root privileges as needed. Poot eventually regained root, though, but this time he added the sticky bit.
Re: (Score:2)
Yes, but there's still no need to hack the system, just adduser and be done with it.
And? (Score:1)
Was there ever a time in history when foreign governments weren't attempting to hack US systems? It's time to worry when they stop.
Re: (Score:1)
Well, there was a time when we didn't have our own government agencies and national corporations helping them from the inside.
Re: (Score:1)
What time was that? Seriously.
Re: (Score:1)
Before Microsoft?
Re: And? (Score:1)
Obviously yes. Given the US isn't very old compared to some countries.
Pot meet kettle (Score:1)
Re: (Score:2)
Well, it is not hypocrisy as long as they don't make value judgements, but just point out the risks and give technical advice on improving security.
The incessant whining of the US government that funds them and is actually using them to spy, on the other hand...
Works in reverse, too.
Would it have killed them to mention Exim? (Score:2, Redundant)
Would it have killed them to mention in the summary that it is a security bug in Exim and that a fix has been available for a long time? You know, the five W's, who what when why and where or how?
Who? Russians
What? Hacking exim, a popular email server for internet sites
When? Right now
Why? We can't say because we are the NSA
Where or how? In the USA